(54) Method for constructing a VPN having an assured bandwidth

(57) An IP tunnel 101 is constructed between routers 300A and 300B connected with the INTERNET 100. A
bandwidth of the IP tunnel 101 is assured by setting-up a reservation resource protocol (RSVP) on the IP tunnel
101. Further, as a traffic control of the routers 300A, 300 and 300B on the IP tunnel 101, a frequency for sending
packets, which are processed by an input processor and an output processor inside of the router, is allotted
based on a ratio of the reserved bandwidth in each IP tunnel, so that an algorithm for controlling the traffic is
simplified. Furthermore, each of the routers 300A, 300 and 300B on the IP tunnel 101 has a function for scheduling
a reservation and manages a time period at which a Virtual Private Network (VPN) of a type of the reservation
resource protocol (RSVP) will be used, so that it is possible to reserve the assurance of the bandwidth on a
designated date and time in future.
[Front-page drawing: FIG. 9(a), EMBODIMENT OF THE INVENTION]



At least one drawing originally filed was informal and the print reproduced here is taken from a later filed formal copy.

This print takes account of replacement documents submitted after the date of filing to enable the application to comply
with the formal requirements of the Patents Rules 1995.
TITLE OF THE INVENTION

Method for constructing a VPN having an assured bandwidth

FIELD OF THE INVENTION 

This invention relates to a method for constructing a VPN (Virtual
Private Network) on the INTERNET, and especially relates to assurance
and/or reservation of a bandwidth by every host and/or sub-network.

BACKGROUND OF THE INVENTION 

The VPN is a network which constructs logical groups on a public
network such as the INTERNET, wherein the logical groups are mutually
closed.

Generally, the public network such as the INTERNET is connected by
the non-specific masses. Therefore, there is a security problem that
it is not possible to avoid a dishonest access by a third party,
because principally it is not possible that only specific users
telecommunicate with each other.

Therefore, recently the VPN technique is watched. According to
the VPN technique, a dedicated line is virtually constructed on the
INTERNET by considering a counterplan of the security of end to end,
and the dedicated line is used as a mainstay between LAN and LAN
(Local Area Network).

Concretely, in the prior art of the VPN, a security is carried out 
by an encryption of data between end and end, an authentication of a 
user and a control of an access, then a closed group is provided by 
connecting specific points via the INTERNET. 

By constructing VPN on the public network, it is possible for only
specific users to communicate with each other, and it is possible to use
the INTERNET as a dedicated line.

However, because of its specification, the prior VPN does not
assure network resources such as a bandwidth.

Namely, the prior VPN is different from an original dedicated line
in that the bandwidth is variable by an influence of other traffics and
that it is difficult to predict its telecommunication characteristics.

On the other hand, an RSVP is known. Wherein, the RSVP is a
resource reservation protocol which attaches importance to a QoS
(Quality of Service; bandwidth, delay, flicker).

Concretely, as shown in Fig. 7, all host terminals 201 in the
specific LAN 200A and 200B connected with the INTERNET 100 and all
routers 300A, 300B and 300C between LAN 200A and 200B must support the
RSVP in each application as a unit. In Fig. 7, a mark R indicates a
support of RSVP.

Therefore, by the RSVP in each application, the user requests a 
network resource which satisfies a specific service quality for example 
a specific bandwidth to the network, then the user assures it. 

Namely, in the prior art, the network resource has been reserved
between end and end in each application as a unit by the RSVP.

By the way, as shown in Fig.1, if the routers 300A, 300B and 300C
only support the RSVP in each application, an application on the RSVP
can not be connected with both LAN 200A and 200B, because the
application is terminated by the routers 300A and 300B at both ends.

In a case of intending to assure the bandwidth of the VPN by
combining prior art VPN with the RSVP, there are following problems (1)
and (2).

(1) Since the network resources are assured by RSVP between end and end,
all hosts connected to VPN must support RSVP.



(2) In the present utilization of VPN, a management in each host or
sub-network as a unit is recommended rather than each application. In
such case, an assurance of the bandwidth in each application is not
proper. Wherein, the sub-network is a network which is made by further
dividing a host part of the IP address into a network part and host
part. For example, the LAN 200A or LAN 200B in Figs. 7 and 8 is divided
into sub-networks.

It is therefore desirable to provide a method for
constructing a VPN which assures a bandwidth in each host or in each
sub-network as a unit.

SUMMARY OF THE INVENTION

According to the present invention, there is provided a method for
constructing a VPN having assured bandwidth which comprises steps of:

a step of constructing an IP tunnel between routers connected with the
INTERNET;

a step of reserving a bandwidth of said IP tunnel by setting-up a
reservation resource protocol (RSVP) on said IP tunnel.

In an embodiment of the present invention, further as a traffic
control of said router on said IP tunnel, a frequency for sending
packets, which are processed by an input processor and an output
processor inside of said router, is allotted based on a ratio of the
reserved bandwidth in each IP tunnel.

In another embodiment, further each of said routers on said IP
tunnel has a function for scheduling a reservation and manages, based
on the reservation schedule, a time period at which said reservation
resource protocol is used.
BRIEF DESCRIPTION OF THE DRAWINGS

Fig. 1 shows a network model to which the present invention is 
applied. 

Fig. 2 shows a configuration of a traffic control in a router.

Fig. 3 shows a process of the traffic control in the configuration
shown in Fig. 2.

Fig. 4 shows a packet queuing in the traffic control. 

Fig. 5 shows a process of a reservation schedule of VPN in the 
router. 

Fig. 6 shows a process of a reservation schedule of VPN in the 
router. 

Fig. 7 shows a conventional RSVP.

Fig. 8 shows a fault of the conventional RSVP when a host of a LAN 
does not support RSVP. 

Fig. 9(a) shows an embodiment of the present invention. 
Fig. 9(b) shows an embodiment of the present invention. 

Fig. 10 shows an explanation for simplifying an algorithm of a
packet scheduling.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

An embodiment of the present invention will be explained referring 
to Figs.9(a), 9(b) and 10. 

In an example shown in Fig. 9(a), an IP (Internet Protocol) tunnel
101 is constructed between a router 300A and a router 300B respectively
connected with the INTERNET. As well-known, the IP tunnel is a section
where a packet exists, wherein said packet is constructed by adding or
encapsulating, to an original packet, an IP header which has an IP
address of the router 300A and an IP address of the router 300B (a start
point and an end point of the IP tunnel 101) etc. A router in the end
point, for example the router 300B, removes the IP header.

Therefore, the IP tunnel 101 becomes a VPN for the LAN 200A and
the LAN 200B by passing, through the IP tunnel 101, all traffics between
the LAN 200A and the LAN 200B which belong to the routers 300A
and 300B at both ends.

Each of the routers 300A, 300B and 300C on the IP tunnel 101
supports a RSVP (Reservation Resource Protocol), then these routers set
up the RSVP on the IP tunnel 101. Each application 202 on both LAN
200A and 200B is encapsulated at the start point of the IP tunnel,
because a bandwidth is assured at the IP tunnel 101 (between routers
300A and 300B) by the RSVP. Then, it is possible for the application
202, as the data adaptive to the RSVP between routers 300A and 300B, to
use network resource (for example, a bandwidth) assured on the IP
tunnel.

Wherein, as shown in Fig. 9(b), a section of the IP tunnel 101 at
least includes a section where the RSVP assures the bandwidth (for
example, a section between routers 300A and 300B).

Namely, it is possible to reserve a bandwidth in every IP tunnel.
The bandwidth is reserved not by each application but by each host or
each sub-network in the LAN 200A and 200B. It is not necessary for the
host 201 to support the RSVP.

The reservation of the bandwidth is cancelled by sending a message
of cancellation by the RSVP from the router 300A (or 300B) to others
300 and 300B (or 300 and 300A).

Since the bandwidth is assured on the RSVP, it is not necessary to
change a parameter of each node by manual, then a human cost can be
deleted. Further, it is possible to speedily and flexibly allocate the
bandwidth according to a short-term demand. Furthermore, it is easy to
cancel the assured bandwidth.



As mentioned-above, by combining the IP tunnel 101 with the RSVP,
it is possible to construct the VPN which enables to assure the
bandwidth in host 201 or sub-network as a unit without receiving the
influence of another traffic.

By the way, while the RSVP is a protocol for reserving and
establishing a network resource, it does not prescribe a concrete
method for controlling a QoS (bandwidth, delay, flicker etc.).
Therefore, an assurance of the QoS in the network depends on a traffic
control of the router and/or a switch. A WFQ (Weighted Fair Queuing) is
a complex algorithm, because it controls a bandwidth and a delay by
determining a priority according to a traffic characteristics of an
application, wherein the WFQ is known as an algorithm for a packet
and/or a scheduling.

In this case, since only bandwidth as the network resource is
reserved, it is possible to control the assurance of the bandwidth by a
simple algorithm of a packet scheduling as shown in Fig. 10 except for
said complex algorithm of WFQ. Especially, the traffic control of each
router 300A, 300 or 300B on the IP tunnel 101 is simplified by using an
algorithm that a frequency or a number of packets which are processed by
an input processor and an output processor inside of said routers 300A,
300 and 300B, is allotted based on a ratio of the bandwidth reserved in
each IP tunnel 101.

In Fig. 10, the packet schedule is carried out by a packet
scheduler 401, a buffer 402 for plural RSVP (IP tunnel) and a
buffer 403 for non RSVP (a protocol except for RSVP). Namely, since a
bandwidth between adjacent routers is divided to a bandwidth for each of
the plural IP tunnels and a bandwidth for others (a bandwidth for non
IP tunnel), a buffer space in the each router is divided to the buffer
402 for the plural IP tunnels and the buffer 403 for others (for non IP
tunnel). It is assumed that a packet is arrived at each buffer 402 for
RSVP with same distribution of a traffic characteristics. Then, an
algorithm is simplified by allotting a buffer size of each buffer 402 for
RSVP and a frequency for packets which are sent from each buffer 402
for RSVP by the scheduler 401 based on a ratio of the reserved bandwidth
in each IP tunnel. Wherein, the buffer 403 for non RSVP sends out
a packet in a low priority. For example, the buffer 403 for non RSVP
sends out a packet when no packet is in the buffer 402 for RSVP.

Furthermore, in the reservation of the network resources by using
the original RSVP, the network resources are reserved only when the
resources are necessary. However, in the present invention, it is
possible to extend the original RSVP and to designate a date or a time
when the reserved bandwidth will be used, because each of routers 300A,
300 and 300B on the IP tunnel 101 has a function for scheduling a
reservation and manages a time period at which VPN of a type of a
reservation resource is used.

An embodiment of the present invention will be explained referring
to Figs. 1 to 6.

In a network model shown in Fig. 1, three LANs 200A, 200B and 200C
are connected with the INTERNET via routers 300A, 300B and 300C which
support RSVP. A router 300 on the INTERNET also supports RSVP. An IP
tunnel 101 is set between the router 300A and the router 300B, also an
IP tunnel is set between the router 300B and the router 300C, and, an IP
tunnel is set between the router 300C and the router 300A. Then, all
traffics between LAN 200A and LAN 200B are passed through the IP tunnel
101, all traffics between LAN 200B and LAN 200C are passed through the
IP tunnel between the router 300B and the router 300C, and, all
traffics between LAN 200C and LAN 200A are passed through the IP tunnel
between the router 300C and the router 300A.

The IP tunnel 101 is set by adding an IP tunnel function only on a
machine (IP tunnel server) at both ends of the IP tunnel 101. Namely,
a router at one end of the IP tunnel (for example, the router 300A)
requests the setting of the IP tunnel to a router at another end of the
IP tunnel (for example, the router 300B), then the IP tunnel is set.

As mentioned-above, encapsulation or cancellation of the IP packet
at a start point or an end point of the IP tunnel is carried out in a
range including a section 102 (shown in Fig. 9) where a bandwidth is
assured by RSVP. Therefore, it is possible that the IP tunnel function
is added by a provider of a bandwidth (for example, telecommunication
carrier). Further, as shown in Fig. 9(b), it is possible for a user of
the bandwidth to add the IP tunnel function on LANs 200A and 200B by
using an IP tunnel server 203.

Furthermore, in this embodiment, a security is carried out by an
encryption of data between LAN 200A and 200B, between LAN 200B and
200C, and, between LAN 200C and 200A, an authentication of a user and a
control of an access, then LANs 200A, 200B and 200C are connected each
other via the INTERNET.

The router is constructed as shown in Fig. 2 for controlling the
traffics. In this embodiment, each router has two input interfaces and
two output interfaces, because usual router has plural input interfaces
and plural output interfaces.

In the router, at a process for assuring a bandwidth by RSVP
before data transmission, the input buffer 301 for RSVP and one input
buffer 302 for non RSVP (for non-reserved-type packet) are set in an
input side, and the output buffer 303 for RSVP and the output buffer
304 for non RSVP are set in output side. A number N of the input buffer
301 is the same number of the IP tunnel (a number of reservation). A
number L+M of the output buffer 303 is larger than the number of the IP
tunnel (a number of reservation). One output buffer 304 is set in each
output interface. Wherein, a size of each buffer is variable according
to the bandwidth reserved to each IP tunnel.

Further, the router comprises an input processor 305, an output
processor 306 for each output interfaces, a processor 307 for
identifying a reservation and a reservation data-base 308 linked to the
processor 307. In the data base 308, an existence of a bandwidth
reservation and data which is necessary to identify, verify and confirm
each content of a reservation (for example, IP address of sending side,
IP address of receiving side, port number, protocol ID, reserved
bandwidth, etc.) are stored. In Fig. 2, 309 denotes an original packet
(IP datagram), 310 denotes an IP header having the IP addresses of the
routers at both ends of the IP tunnel, and 311 denotes an encapsulated
packet to which the IP header 310 was added.

The reservation of the bandwidth to the IP tunnel is carried out
principally when a host or a sub-network on LAN needs the bandwidth.
For the reservation, the host or sub-network informs a request for an
assurance of a bandwidth to a router at one end of a section where a
bandwidth is assured by RSVP, and, informs a content (for example, IP
address of sending side, IP address of receiving side, port number,
protocol ID, reserved bandwidth, etc.) of a reservation. The router
transfers these information to other routers on a way and a router at
another end of the IP tunnel by RSVP. Each router stores the
reservation of the bandwidth and its content in the data-base 308. If
a certain router can not reserve the bandwidth, the router informs a
message indicating a rejection of the request to the router at the
point.
A traffic control in the router will be explained referring to
Figs. 2 to 4.

(1) As steps S1 to S2 shown in Fig. 3, referring to the data-base 308,
the processor 307 identifies, verifies and confirms an existence of a
bandwidth reservation and each content of a reservation (for example, IP
address of sending side, IP address of receiving side, port number,
protocol ID, reserved bandwidth, etc.) to packets arrived at each input
interface.

(2) After identification, verification and confirmation of the existence
of a bandwidth reservation and the content of each reservation, as
step S3 shown in Fig. 3, the processor 307 allocates the packets to the
input buffer corresponding to the reserved IP tunnel.

(3) At a transferring the packets, the input processor 305 obtains a
packet from the input buffer having a high priority, as follows ① to ②.

① As shown in Fig. 4, it is assumed that three buffers #1, #2, #3 are
used as the input buffer 301 for RSVP, one input buffer 302 for
non-RSVP is used and a ratio of each reserved bandwidth of IP tunnel and
non reserved bandwidth is i:j:k:x.

② The input processor 305 takes out the packet from each input
buffer by accessing each input buffer with a frequency fm according to
the ratio of the bandwidth. Concretely, the frequency fm is indicated
by fm = m/(i+j+k+x), wherein m is any one of i, j, k and x. If no packet
exists in all input buffers #1 to #3 for RSVP when the input processor 305
accesses to these buffers, the input processor 305 accesses to the
input buffer 302 for non-RSVP. If a packet exists in the input buffer
302, the input processor 305 takes it out from the buffer 302.

(4) After processing to the input buffers, the input processor transfers
the packet to corresponding output buffer.

(5) As steps So ~S7 in Fig. 3, the output processor 306 corresponding to
each output interface takes out the packet from the output buffer.
Namely,

① As shown in Fig. 4, it is assumed that three buffers #1, #2, #3 are
used as the output buffer 303 for RSVP, one output buffer 304 for
non-RSVP is used and a ratio of each reserved bandwidth of IP tunnel and
non reserved bandwidth is i:j:k:x.

② The output processor 306 takes out the packet from each output
buffer by accessing each output buffer with a frequency fm according to
the ratio of the bandwidth. Concretely, the frequency fm is indicated
by fm = m/(i+j+k+x), wherein m is any one of i, j, k and x. If no packet
exists in all output buffers #1 to #3 for RSVP when the output processor
306 accesses to these buffers, the output processor 306 accesses to the
output buffer 304 for non-RSVP. If a packet exists in the output
buffers 304, the output processor 306 takes it out from the buffer 304.
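
The buffer access rule of steps (3) and (5), written out in Python as an added example (not code from the patent). The class and function names, the tail-drop policy, the sizing constant and the choice to leave an idle tunnel's slot unused are assumptions; the run shows that a flood of non-reserved packets cannot take slots from tunnels that are sending.

```python
from collections import Counter, deque
from fractions import Fraction

NON_RSVP = "non-RSVP"  # name assumed for the single buffer of non-reserved packets


class RatioScheduler:
    """One buffer per reserved IP tunnel plus one low-priority non-RSVP buffer."""

    def __init__(self, reserved, non_rsvp_weight, packets_per_unit=8):
        # reserved maps tunnel buffer -> ratio term, e.g. {"#1": i, "#2": j, "#3": k};
        # non_rsvp_weight is x. packets_per_unit is an assumed sizing constant.
        self.weights = dict(reserved)
        self.weights[NON_RSVP] = non_rsvp_weight
        self.total = sum(self.weights.values())
        # Buffer size varies with the bandwidth reserved for each tunnel.
        self.capacity = {b: w * packets_per_unit for b, w in self.weights.items()}
        self.buffers = {b: deque() for b in self.weights}
        self.dropped = Counter()
        # One access cycle of i+j+k+x slots; buffer m owns m of them.
        self.cycle = [b for b, w in self.weights.items() for _ in range(w)]
        self.pos = 0

    def frequency(self, buf):
        """fm = m / (i + j + k + x)."""
        return Fraction(self.weights[buf], self.total)

    def enqueue(self, buf, packet):
        """Tail-drop when full, so a flood is discarded inside its own buffer."""
        if len(self.buffers[buf]) >= self.capacity[buf]:
            self.dropped[buf] += 1
            return False
        self.buffers[buf].append(packet)
        return True

    def dequeue(self):
        """Serve one slot; return (buffer, packet) or None if the slot is unused."""
        owner = self.cycle[self.pos]
        self.pos = (self.pos + 1) % len(self.cycle)
        if self.buffers[owner]:
            return owner, self.buffers[owner].popleft()
        # Owner is empty: non-RSVP may use the slot only if every RSVP buffer is empty.
        rsvp_idle = all(not q for b, q in self.buffers.items() if b != NON_RSVP)
        if rsvp_idle and self.buffers[NON_RSVP]:
            return NON_RSVP, self.buffers[NON_RSVP].popleft()
        return None  # assumed: an idle tunnel's slot is not lent to another tunnel


def run(sched, slots, senders):
    """Each slot, every sender offers one packet; then one slot is served."""
    served = Counter()
    for n in range(slots):
        for buf in senders:
            sched.enqueue(buf, n)
        result = sched.dequeue()
        if result is not None:
            served[result[0]] += 1
    return served


def demo():
    ratio = {"#1": 3, "#2": 2, "#3": 1}  # constructed i:j:k, with x = 2
    busy = run(RatioScheduler(ratio, 2), 800, ["#1", "#2", "#3", NON_RSVP])
    idle = run(RatioScheduler(ratio, 2), 800, [NON_RSVP])
    return busy, idle


if __name__ == "__main__":
    busy, idle = demo()
    print("all buffers flooded:", dict(busy))
    print("tunnels idle:       ", dict(idle))
```

With every buffer oversubscribed, served packets follow i:j:k:x exactly and the excess is dropped in the sender's own buffer; with the tunnels idle, non-RSVP traffic gets every slot.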

Next, a reservation schedule function of VPN will be explained
referring to Figs. 5 to 6. As mentioned-above, while in the reservation
of the network resources by using the original RSVP, the network
resources are reserved only when the resources are necessary, in the
present embodiment, by the following processes (I) to (V), it is
possible to designate a date or a time when the reserved bandwidth will
be used. A step S28 in Fig. 5 is continued to a step S29 in Fig. 6.

(I) As steps S21 and S22 shown in Fig. 5, when it occurs to reserve in
advance a use of the resource reservation-type VPN, it is confirmed
whether a setting of a section for an IP tunnel by RSVP is possible or
not. If impossible, as steps S23 and S24, the reservation in advance is
rejected.

(II) If the setting is possible, as steps S23 and S25 shown in Fig. 5,
it is confirmed whether an assurance of a bandwidth which will be
required at future date and time is possible or not. If impossible, as
steps S26 and S24, the reservation in advance is rejected.

(III) If the assurance is possible, as steps S26 and S27, necessary
information of the reservation (date, time, bandwidth to be reserved, IP
address of sending side, IP address of receiving side, port number,
protocol ID, etc.) are registered on a data-base for reservation in all
routers on a section for an IP address.

(IV) On the designated date and term, as steps S28 shown in Fig. 5 to
S31 shown in Fig. 6 and as following process ① to ②, it is started to
provide the reserved bandwidth.

① After a monitor during a predetermined period, as steps S28 and
S24 shown in Fig. 5, if no traffic exists from a host which reserved the
bandwidth, the reservation in advance is rejected.

② As steps S29 and S30 shown in Fig. 6, when a bandwidth is
insufficient by a traffic which is not reserved in advance or not
scheduled, one of following traffic controls (a) and (b) is carried out
according to a kind of the non-reserved traffic.

(a) If a protocol of the non-reserved traffic is not RSVP, all
the traffic is rejected.

(b) If a protocol of the non-reserved traffic is RSVP, a message
for cancellation of its reservation is informed to its user, then the
reservation is rejected.

(V) After the designated date and term, as steps S32 shown in Fig. 6, it
is finished to provide the reserved bandwidth.
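
Processes (I) to (III), (IV) ① and (V) for a single router, as an added Python example that is not part of the patent text. The class names, the kbps unit, the capacity figure, the addresses and the dates are constructed for illustration; the bandwidth check in (II) is implemented here as a peak-load sweep over overlapping reservations, which the patent does not specify.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Reservation:
    src_ip: str
    dst_ip: str
    port: int
    protocol_id: int
    bandwidth_kbps: int
    start: datetime
    end: datetime


class ReservationSchedule:
    """Advance-reservation data-base of one router on the tunnel section."""

    def __init__(self, tunnels, capacity_kbps, monitor_period):
        self.tunnels = set(tunnels)          # tunnel sections this router can set
        self.capacity_kbps = capacity_kbps   # bandwidth available for reservations
        self.monitor_period = monitor_period
        self.entries = []

    def peak_reserved(self, start, end):
        """Highest total already reserved at any instant in [start, end)."""
        events = []
        for r in self.entries:
            if r.start < end and start < r.end:
                events.append((max(r.start, start), r.bandwidth_kbps))
                events.append((min(r.end, end), -r.bandwidth_kbps))
        load = peak = 0
        for _, delta in sorted(events):  # releases sort before grants at equal times
            load += delta
            peak = max(peak, load)
        return peak

    def request(self, tunnel, r):
        if tunnel not in self.tunnels:                       # process (I)
            return "rejected: tunnel section cannot be set"
        if self.peak_reserved(r.start, r.end) + r.bandwidth_kbps > self.capacity_kbps:
            return "rejected: bandwidth cannot be assured"   # process (II)
        self.entries.append(r)                               # process (III)
        return "registered"

    def tick(self, now, active_sources):
        """Processes (IV) 1 and (V): release unused and finished reservations."""
        released = []
        for r in list(self.entries):
            if now >= r.end:
                reason = "finished"
            elif now >= r.start + self.monitor_period and r.src_ip not in active_sources:
                reason = "no traffic during monitor period"
            else:
                continue
            self.entries.remove(r)
            released.append((r, reason))
        return released


def demo():
    # All values below are constructed sample data.
    day = datetime(2030, 1, 1)
    at = lambda h, m=0: day + timedelta(hours=h, minutes=m)
    mk = lambda src, kbps, s, e: Reservation(src, "198.51.100.1", 5000, 17, kbps, s, e)
    tunnel = ("300A", "300B")
    sched = ReservationSchedule({tunnel}, 1000, timedelta(minutes=5))
    r1 = mk("192.0.2.10", 600, at(10), at(12))
    r2 = mk("192.0.2.20", 500, at(11), at(13))
    results = [
        sched.request(tunnel, r1),              # registered
        sched.request(tunnel, r2),              # overlaps r1: 600 + 500 > 1000
        sched.request(("300B", "300C"), r2),    # no such tunnel on this router
    ]
    released = sched.tick(at(10, 5), active_sources=set())  # r1 sent no traffic
    results.append(sched.request(tunnel, r2))   # capacity is free again
    return results, [reason for _, reason in released]
```

Releasing a reservation whose host sends nothing during the monitor period is what returns capacity that would otherwise stay blocked by an unused booking.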

According to embodiments of the present invention, it is possible
to obtain a traffic characteristics which is not influenced by other
traffics and more stabilized than conventional VPN, because of constructing
an IP tunnel between routers connected with the INTERNET and reserving a
bandwidth of said IP tunnel by setting-up a reservation resource
protocol (RSVP) on said IP tunnel. It is not necessary for each
application to reserve a network resource because an assurance of a
bandwidth by RSVP is carried out by an IP tunnel between routers, then
it is not necessary for each host and/or sub-network to support RSVP.
Setting and cancelling the assurance of the bandwidth are easy, because
the bandwidth is assured by RSVP. Therefore, it is not necessary to
change a parameter of each node by manual, then a human cost can be
deleted. Further, it is possible to speedily and flexibly allocate the
bandwidth according to a short-term demand. Furthermore, it is useful
to transmit a large amount of data in short-term usage.

Further according to embodiments of the present invention, an algorithm
for the traffic control is very simplified, because, as a traffic control
of said router on said IP tunnel, a frequency for sending packets, which
are processed by an input processor and an output processor inside of
said router, is allotted based on a ratio of the reserved bandwidth in
each IP tunnel.

Furthermore, while in the reservation of the network resources
by using the original RSVP, the network resources are reserved only
when the resources are necessary, according to embodiments of the present
invention, it is possible to reserve the assurance of the bandwidth on
designated date and time in future, because each of routers on the IP
tunnel has a function for scheduling the reservation and manages a time
period at which VPN of a type of RSVP will be used.






WHAT IS CLAIMED IS: 

1. A method for constructing a VPN having assured bandwidth
comprising steps of:

a step of constructing an IP tunnel between routers connected with
the INTERNET;

a step of reserving a bandwidth of said IP tunnel by setting-up a
reservation resource protocol (RSVP) on said IP tunnel.

2. The method claimed in claim 1, wherein each of said routers on
said IP tunnel has a function for scheduling a reservation and manages,
based on the reservation schedule, a time period at which said
reservation resource protocol is used.

3. The method claimed in claim 1 wherein, as a traffic control of 
said router on said IP tunnel, a frequency for sending packets, which 
are processed by an input processor and an output processor inside of 
said router, is allotted based on a ratio of the reserved bandwidth in 
each IP tunnel. 

4. The method claimed in claim 2 wherein, as a traffic control of
said router on said IP tunnel, a frequency for sending packets, which
are processed by an input processor and an output processor inside of
said router, is allotted based on a ratio of the reserved bandwidth in
each IP tunnel.

5. A method for constructing a VPN having assured bandwidth 
substantially as hereinbefore described with reference to the 
accompanying drawings. 